Setting Up Event-Driven Role Access Request Denials
Date Posted:
31 Jan 2026
Category:
Security
Setting Up Event-Driven Role Access Request Denials
Date Posted:
31 Jan 2026
Category:
Security
Setting Up Event-Driven Role Access Request Denials
Date Posted:
31 Jan 2026
Category:
Security
SailPoint ISC: Setting Up Event-Driven Role Access Request Denials
Introduction Of Setting Up Event-Driven Role Access Request Denials
In SailPoint Identity Security Cloud (ISC), managing access requests for roles can become challenging when approvals are handled in ServiceNow. This post presents a reliable workaround using event triggers and workflows to detect, evaluate, and programmatically deny such requests before they proceed.
Why event trigger?
Using the event trigger is mandatory without it, the request will not be captured and the workflow will not execute.
Event trigger details
Trigger Name - Access Request Submitted
Trigger ID - idn:access-request-pre-approval
Description - An access request to add or remove access from a user was submitted.
Type - Response Required
Why workflow?
The Access Request Submitted event trigger is a response required trigger, without the response, the access request will not get rejected. While making the API back to the event trigger, we have to use the callback URL and secret from the event trigger.
Workflow details
The workflow is initiated by an external trigger, which is fired by the event trigger. Once triggered, you can add customization steps to meet specific requirements. Before the workflow completes, it must make a POST API call back to the event trigger using the provided callback URL and secret.
Sample input to the Post API call :
{
"secret": "",
"output":{
"approved": false,
"comment": "This access should be denied, because this will cause an violation.",
"approver": "AcmeCorpExternalIntegration"
}
}
Conclusion
This approach provides an automation path for rejecting role access requests initiated from ServiceNow to SailPoint ISC. By using the idn:access-request-pre-approval event trigger along with an external workflow, and applying a rejection callback, organizations can enforce consistent denial logic.
Stay tuned to our blog to see more posts about
Sailpoint products implementation and its related updates.
Stay tuned to our blog to see more posts about
Sailpoint products implementation and its related updates.
Category:
Security
Stay tuned to our blog to see more posts about
Sailpoint products implementation and its related updates.
Stay tuned to our blog to see more posts about
Sailpoint products implementation and its related updates.
Category:
Category:
Security
Security
Get your
Tailored Quote for your
Organisation
Get your
Tailored Quote for your
Organisation
SailPoint ISC: Setting Up Event-Driven Role Access Request Denials
Introduction Of Setting Up Event-Driven Role Access Request Denials
In SailPoint Identity Security Cloud (ISC), managing access requests for roles can become challenging when approvals are handled in ServiceNow. This post presents a reliable workaround using event triggers and workflows to detect, evaluate, and programmatically deny such requests before they proceed.
Why event trigger?
Using the event trigger is mandatory without it, the request will not be captured and the workflow will not execute.
Event trigger details
Trigger Name - Access Request Submitted
Trigger ID - idn:access-request-pre-approval
Description - An access request to add or remove access from a user was submitted.
Type - Response Required
Why workflow?
The Access Request Submitted event trigger is a response required trigger, without the response, the access request will not get rejected. While making the API back to the event trigger, we have to use the callback URL and secret from the event trigger.
Workflow details
The workflow is initiated by an external trigger, which is fired by the event trigger. Once triggered, you can add customization steps to meet specific requirements. Before the workflow completes, it must make a POST API call back to the event trigger using the provided callback URL and secret.
Sample input to the Post API call :
{
"secret": "",
"output":{
"approved": false,
"comment": "This access should be denied, because this will cause an violation.",
"approver": "AcmeCorpExternalIntegration"
}
}
Conclusion
This approach provides an automation path for rejecting role access requests initiated from ServiceNow to SailPoint ISC. By using the idn:access-request-pre-approval event trigger along with an external workflow, and applying a rejection callback, organizations can enforce consistent denial logic.